refactor: moved secure boot and disko

flake.nix

@@ -40,18 +40,7 @@
         users = [
           "jml"
         ];
-        extraModules = [
+        extraModules = [];
-          { nixpkgs.config.allowUnfree = true; }
-          disko.nixosModules.disko
-          ./hosts/titanium/disko.nix  # TODO: Import this in mkSystem if both the file and module exist.
-          lanzaboote.nixosModules.lanzaboote
-          ({ pkgs, lib, ... }: {
-            environment.systemPackages = [ pkgs.sbctl ];
-            boot.loader.systemd-boot.enable = lib.mkForce false;
-            boot.lanzaboote.enable = true;
-            boot.lanzaboote.pkiBundle = "/var/lib/sbctl";
-          })
-        ];
       };
       # `nix build .#nixosConfigurations.installIso.config.system.build.isoImage`
       # https://github.com/nix-community/nixos-generators

hosts/titanium/default.nix

@@ -1,5 +1,6 @@
 { inputs, ... }:
 {
+  nixpkgs.config.allowUnfree = true;
   imports = [
     ../../modules/nixos/base.nix
     ../../modules/nixos/audio.nix
@@ -9,5 +10,8 @@
     #./hardware.nix
     ./configuration.nix
     ./nvidia.nix
+    ./secure-boot.nix
+    inputs.disko.nixosModules.disko
+    ./disko.nix
   ];
 }

hosts/titanium/secure-boot.nix

@@ -0,0 +1,7 @@
+{ pkgs, lib, inputs, ... }: {
+  imports = with inputs; [ lanzaboote.nixosModules.lanzaboote ];
+  environment.systemPackages = [ pkgs.sbctl ];
+  boot.loader.systemd-boot.enable = lib.mkForce false;
+  boot.lanzaboote.enable = true;
+  boot.lanzaboote.pkiBundle = "/var/lib/sbctl";
+}